Conventionally, there is known a Web service called a mashup, etc., that provides a new service by allowing a plurality of services to cooperate with one another. For example, as one mode of service cooperation, there is a printing service where a plurality of services with different providing sources are allowed to cooperate with one another. Specifically, a user stores data in a document management service provided by company B. Company A obtains the data of the user kept in company B and prints the data on a printing machine at company C, using a printing service provided thereby.
An authentication method using OAuth 2.0 is used for such service cooperation. In the authentication method using OAuth 2.0, a pre-authentication phase and a verification phase are performed. For example, in the pre-authentication phase, the user accesses company A using a Web browser, etc., to perform user authentication. If the authentication result is OK, then the user requests company A for a printing service. When company A receives the request for a printing service, company A requests company B for provision of data by redirection via a user terminal.
In the verification phase, the user performs authentication with company B using a Web browser, etc. Then, company B transmits a result of the authentication performed by the user to company A through the user terminal. Thereafter, company A transmits an access token request to company B, using an API (Application Program Interface) for performing a printing service. Company B transmits, as a response, an access token indicating an API for obtaining user data. Then, company A transmits the access token received from company B, to company B to request to obtain user data. In this manner, company B provides company A with the user data.
By thus exchanging an access token which is a permit allowed by the user, between company A and company B in the verification phase, access right authority delegation is performed, thereby implementing secure service cooperation. In addition, in OAuth 2.0, if the user is being logged in to the service, then service cooperation is performed with a verification phase being omitted during an access token validity period.    Non-Patent Document 1: OAuth 2.0 IETF rfc6749 “http://tools.ietf.org/html/rfc6749”
However, in the conventional art, when a large number of service requests are made, a large number of verification phases in OAuth processes may be performed. Therefore, the OAuth processes become a bottleneck, causing a problem of degradation in processing performance.
For example, in OAuth 2.0, both of a pre-authentication phase and a verification phase are performed for new users and users who log in again after logout. Hence, when a large number of such users transmit service requests to the above-described company A, company A results in performing a large number of OAuth processes, increasing processing load. In this case, company A encounters delays in OAuth processes themselves and delays in other processes such as data transmission to company B, and thus, the performance as the whole service degrades.